Privacy and Security: What’s the Difference?

Article Summary: Security controls are put in place to control who can access the information, but privacy controls are for when and what they can access. For example, doctors at a nationwide primary care chain most likely have security access to each patient’s account information across the country, but should only have privacy access when there […]

Read More

What We Learned from MS Azure Bootcamp

The brain power was palpable. We hosted the Global Azure Bootcamp at our space in Richmond, Virginia, and the attendees were ready to tackle some big cloud issues during breakouts and presentations. We asked attendees to fill out a survey about their cloud adoption and implementation journeys, as well as their top challenges. They revealed […]

Read More

Essential Steps to Strengthening Cybersecurity

  Many organizations know they must have the basics: hire a CISO, perform a risk assessment, and find security vendors to fill up the holes. Unfortunately, these are often mere boxes to check. Cathie Brown offers a few simple considerations in each of those steps that will strengthen your cybersecurity posture, like what to look […]

Read More

How I Found Inspiration in Financial Services Deregulation

Values are proven when demonstrated without a mandate to do so. You won’t find a financial services institution that does not have a theme of customer, fairness or integrity woven into its core values. The current industry deregulation trend is a powerful opportunity for financial services firms to show and prove their values, and that […]

Read More

Organizational Risk Management Not Just About Compliance

Organizational risk management is too often treated as a compliance issue with complex rules that result in a back office tracking of risks that don’t see the light of day.  This presentation contrasts a traditional view of organizational risk management with an alternative view provided in a Harvard Business Review article by Robert S. Kaplan […]

Read More

Presentations at COV Information Security Conference

2018 COV Presentation: NICE and the Cybersecurity Workforce Framework Presenter(s): Dave Zaras and Eddie McAndrew The National Initiative for Cybersecurity Education (NICE) has produced the Cybersecurity Workforce Framework (CWF) with the intent of closing the cybersecurity talent gap. The NICE CWF identifies seven broad categories of security roles which comprise thirty-two specialty areas. Detailed work […]

Read More

Cybersecurity Doesn’t Work Without Culture Change

Article Summary: A culture of cybersecurity only truly takes root when it’s embedded into daily decision-making and a part of everyone’s roles, including the C-Suite. Annual training videos can be effective, but only if they are supplemented with ongoing, engaging activities, combined reward structures or competitions. Workforce members outside of security and IT need seats […]

Read More

Too Many Organizations Overlook One of These Cybersecurity Building Blocks

While most organizations have made some investments in each of the three building blocks of cybersecurity, many overemphasize “technology.” The most overlooked component are the “people,” which will actually make or break the effectiveness of your cybersecurity. As the former Deputy Chief Information Security Officer of the Commonwealth of Virginia, Cathie Brown has seen it […]

Read More

Transformation Without OCM is Wishful Thinking

Hacking Change Management: Part 3 Article Summary: Failed Transformation Red Flag #1: Project team does not embed the OCM team with the delivery team Failed Transformation Red Flag #2: Project team fails to create an end-to-end view of the value stream Physical visualizations create transparency on the timing and impact of OCM activities, allowing non-OCM […]

Read More